We all know the statement “data is the new oil.” The question remains — how do we protect it effectively and recover with confidence? Preparation is key.
Organizations are rapidly investing in security tools to mitigate the threats and risks associated with ransomware and malware, among other security threats. However, many do not consider backups critical to security incident response. This is complicated by the fact that most organizations have typically not involved security groups in their backup solutions.
As the status quo shifts, CIOs and CISOs are forced to get their groups to collaborate, especially given recent occurrences. Recent ransomware attacks on larger organizations, including Canon, which had some of the strongest security policies and backup systems in place, demonstrate that all organizations are vulnerable. The SolarWinds attack is another recent example. The ‘bad actors’ are getting smarter and attacking backup systems first, before production data, leaving organizations cornered without a path to recovery. If security was not involved in your last purchase, you may not have the right solution.
Explore key points to better prepare your data protection strategy below.
Security tools + data protection
Preventing, detecting, and responding to ransomware requires an orchestrated effort using all the tools in your arsenal. If your backup solution does not integrate with your existing security tools (SIEM, SOAR, etc.), you may be able to recover, if at all, just not as quickly. This means that you will still end up paying the ransom even though you had a backup solution in place. Automation with tools is the critical piece missing when it comes to traditional backup vendors.
If your data protection vendor does not provide guaranteed SLAs around your data durability (not just availability), then you are practically on your own. This means that the vendor needs to offer world-class security practices and offsite backups to ensure your data is isolated from your current infrastructure.
Protection from insider threats
This is an important factor as the ‘bad actors’ have started to steal credentials and impersonate genuine users to access and delete backups. If your backup solution is unable to detect and stop an insider threat, you are not ready for a cyber attack. Again, preparation is key, and it goes beyond just SSO or MFA. In addition to security best practices, what else is the vendor doing to protect you? Importantly, some vendors will suggest that sending backups offsite to immutable object storage like S3 will help, but will that really help if the attackers have your credentials?
Verify your vendor’s preparedness
Ask your existing data protection vendor the following questions:
- How do you prepare for and handle insider threats?
- Help us understand step-by-step how recovery works in the event of a security incident (not just outages/disasters).
- How do you guarantee immutability of the data? What is your SLA?
- When was the last time you ran a risk assessment test?
- What is your business continuity and security incident response plan?
Evaluate your own recovery process
Ask your organization the following questions:
- How do you know which is the clean snapshot to recover in the event of an attack?
- How do you identify that there was an insider threat, and whether backups were deleted?
- How often do you simulate security incidents within your organization?
Druva: bolstering cyber resiliency through proven data protection
With ransomware continuing to be one of the biggest threats to organizations’ data today, Druva understands that preventing, detecting, and responding to threats requires a strong and orchestrated approach to cyber resiliency. Druva is a leader in cloud-native disaster recovery. If you haven’t already, we invite you to explore the Druva Cloud Platform and evaluate its advantages for your on-premises and cloud workloads, and reach out today for a free demo!